Lockbin is a web application for sending private email messages and files. It's free! People use it to send things like credit card numbers or confidential information.
Lockbin was built with Hipaa regulations as a primary consideration. Lockbin uses FIPS 140-2 encryption libraries, and takes extraordinary precautions to protect and destroy EPHI. Learn more about how Lockbin is Hipaa compliant.
You can, but someone might intercept your message. That's why people shouldn't send sensitive information over regular email. Lockbin also ends message persistence, which means your email message will not be backed up on email servers or stored in backup files. Network sniffers can also spy on your email traffic while in transit. Use Lockbin to obscure the content of your message and avoid these hazards to your privacy.
Your message and file attachments (data at rest) are protected by strong AES-256 bit encryption delivered from a FIPS 140-2 verified cryptolibrary. Lockbin users create their own account passwords. This means it's not necessary to agree on a password before you send someone a Lockbin message. This makes secure messaging easy. Lockbin also maintains a legacy capability to password encrypt a message. You can opt to encrypt the message using a password known to the recipient.
If the recipient clicks the Delete button after viewing the message, it is immediately marked for deletion and is no longer available for retrieval. If the file is read but not marked for deletion, it will be removed within 24 hours; this short delay gives the recipient time to download large files, or to resume interrupted downloads. Uncollected messages are automatically destroyed at six months. Files are deleted in batches using a military grade multi-pass erasure method.
No, we cannot see your message. The message is encrypted using your password before it is stored in our server, and the password does not remain on our servers. No unencrypted files are stored on our server. We have no way to decrypt your message, and we can't help you if you forget the password. Although we can see files that are encrypted, we are not able to decipher the files.
Pretty darn safe. Nothing is perfect, and neither is this, but it is certainly safer than sending sensitive data directly through email. The largest threats to this method would be 1) capturing the sender or recipient's password by spoofing the Lockbin website, or 2) a screen capture virus that images the decrypted message on the recipient's computer, or keystroke logger.
We absolutely will not spam nor voluntarily share any information about our users. If we did no one would use Lockbin. We make money by providing subscriptions to an advanced tier of services, and by consulting with companies who are interested in leasing a Lockbin server.
No. Lockbin must only be used for legal purposes.
Your privacy is a big deal. That's why we support the Electronic Frontier Foundation, both morally and financially. Visit them at https://eff.org Tell them Lockbin sent you. Some other projects we find interesting include https://www.torproject.org (anonymous web browsing), https://Crypto.cat(IM), and EFF's project to encrypt the web, https://www.eff.org/https-everywhere. There are many other worthwhile projects, but these are good places to begin.
If you use a strong password it is. AES-256 is not known to have been cracked through brute force. It's been said by people smarter than us that it would take a 4 GHz computer 4.5865*10^59 years to search just half the key space, a period of time in which most scientists believe the universe will cease to exist long before that happens.
Files and messages uploaded to Lockbin.com are first encrypted as they are streamed to the primary storage disks. They are never stored in an unencrypted state. The encrypted files are then mirrored to our backup server facility. We do not retain a backup of files which our users have removed or which have not been retrieved within six months.
All Lockbin.com data is stored within the United States. As a U.S. company, we are obligated to comply with legal court orders asking for information. If legally demanded, we must supply your encrypted documents and meta data to investigators. Lockbin does not have a back door and so we are unable to supply decryption keys for your documents.
Many people have expressed this sentiment to us recently, especially our friends in Europe. We are currently looking for partners in France, Germany, U.K. and Netherlands and other countries who would be willing to work with us to setup and manage locally hosted versions of Lockbin. We will keep you posted as our localization project continues. Should we take on local partners, you will see them announced here; if they are not listed here, they are not genuine.
Since publication of news that some U.S. companies have provided direct access of their servers to the government, we have fielded questions like this many times. As of this week, no government authority has demanded access to our servers, nor have we been asked to accommodate any government surveillance of Lockbin users. If the time comes when such a demand is made, we would likely be prevented from telling you about it. However, we could not in good conscience continue to publicly maintain this claim, as we are doing right now.
